On most [[Unix]] systems the tools [[md5]] or [[md5sum]] can be used to compute the MD5 hash of a file or device. [[md5deep]] can compute MD5 hashes of whole directory trees.

+

On most [[Unix]] systems the tools [[digest]] -a md5 (Solaris), [[md5]] (BSD) or [[md5sum]] (GNU) can be used to compute the MD5 hash of a file or device. [[md5deep]] can compute MD5 hashes of whole directory trees.

== Weaknesses ==

== Weaknesses ==

−

Recently some cryptographic weaknesses have been found in MD5. Tool developers should avoid using MD5 in new products in favor of other hash functions like [[SHA-1]] or [[SHA-256]].

+

Recently some cryptographic weaknesses have been found in MD5. Tool developers should avoid using MD5 in new products in favor of other hash functions like [[RIPEMD-160]], [[Tiger]], [[WHIRLPOOL]], [[SHA-256]] or [[SHA-512]]. Host Intrusion Detection systems and hash databases should also use multiple hash algorithms.

* [http://unixsadm.blogspot.com/2007/11/exploiting-md5-and-other-hashing.html Collection of exploits and weaknesses in MD5]

[[Category:Hashing]]

[[Category:Hashing]]

Latest revision as of 18:28, 19 December 2007

The Message-Digest algorithm 5 (MD5) is a cryptographic hash function that produces a 128-bit hash value. Originally developed in 1991, much as has been written about this algorithm. As such, this article concentrates only on its application to computer forensics.

Tools

On most Unix systems the tools digest -a md5 (Solaris), md5 (BSD) or md5sum (GNU) can be used to compute the MD5 hash of a file or device. md5deep can compute MD5 hashes of whole directory trees.

Weaknesses

Recently some cryptographic weaknesses have been found in MD5. Tool developers should avoid using MD5 in new products in favor of other hash functions like RIPEMD-160, Tiger, WHIRLPOOL, SHA-256 or SHA-512. Host Intrusion Detection systems and hash databases should also use multiple hash algorithms.